In this world of hyper-paranoia with regard to that astronomic but fictitious army of baddies who threaten our very existence with their mischief every day, I ask you, is it real or just a figment of the fertile geek imagination ?

In my 6 years of Internet experience, keeping up with the national and local news together with knowing my own neighbourhood, I have only heard of ONE case where money was stolen from an Internet account by a Far Eastern source. The threat is negligible to Mr. and Mrs. John Doe who plonk on regardless with their mundane Internet chores day in and day out without any problems using their honky-tonk security boxes.

Taking part in Wilders, one would get the impression that there are massive hordes of baddies just waiting for each one of us to logon so they can steal our fortunes and personal data. RUBBISH, it amounts to paranoia and an obsessive manifestation of impractical exaggeration.

Virus`s, malware etc. - they are just part of everyday life, akin to getting a flat tyre or engine problem in a car. All they do is give a headache to the person involved - no financial loss occurs, just a pain in the butt.

Infections are a superb discussion point for a Forum, but tend to generate an atmosphere of competition to come up with totally uneconomic solutions of ridiculous over-kill security set ups. Nobody in their right minds wants to win the "Golden Gloves" of Internet Security Award for reasons of technical vanity, just to enjoy this wonderful facility in the manner it was designed for.

My conclusion - Super security - RUBBISH and completely unnecessary. Enjoy the Internet for what it is and what you personally get out of it.
Compromise is the lubricant of civilisation.

The Internet is not an exclusive arena for the Baddies and the Goodies to compete in mortal combat for a World security title. Just for the tens of millions of ordinary people to enjoy and use it the way they wish.

QUESTION 1 : - Do you really think that the Internet is an impenetrable minefield of imminent disaster ?
QUESTION 2 :- How many people do YOU know who have lost money through Internet criminal activity relative to the millions of users ?
Don`t forget the "relative" bit.

Because the answer dictates the emphasis applied to the topic. It is an over-kill subject discussed at great length to the point of boredom and my post tries to explain the difference between the practicality of millions of ordinary users and the technical vanity of experts.

Maybe it's bad luck to mention, but since I got my first computer in 1997 I have had 2 viruses hit both because I was surfing the dark side, and that was in the first few years when I was ignorant. My AV and AS scans never turn up anything.

Infections are a superb discussion point for a Forum, but tend to generate an atmosphere of competition to come up with totally uneconomic solutions of ridiculous over-kill security set ups.

Click to expand...

Then you really havent been paying attention.

Yes, the discussions can get very technical about all sorts of attack scenarios; but the SOLUTION is usually very SIMPLE (and free, or low cost). Once the solution is in place, the user can pretty much forget about the technicalities.

Experts do NOT favor overly complex solutions.

And regarding the internet threat, again, you havent been paying attention. My credit cards have been compromised several times, even though I use linux (and I believe the compromise was not from my internet end). Many people have had their Paypal accounts hacked. Many people have had their email accounts hacked, with spam sent from their accounts, and contact lists sold to spammers leading to embarassment. Many people have had their paypal/email accounts LOCKED.

And there is the danger of identity theft. It is a big big big deal. It can, and has affected users for years; with them not being able to buy houses at decent rates, or get credit cards because some crook ruined their credit history. There are blogs on internet about user experiences.

Last but not least, I view it my responsibility to keep my computer secure, to prevent botnets from using it to attack companies and websites. I do not wish my belongings to be used for crime.

A little time spent on Wilders, and I can (and have) found out simple solutions to acheive my security objectives. It has been made possible by people who really understand security, why something works, and why something not, who have aspired to and then made easy to use security tools and distributed them free of cost.

And THAT, sir, is the real value of Wilders and its participants who you have deemed to be paranoid. It is THEY who have been coming up with (near) bulletproof easy to use solutions, arising out of the "paranoid" dicussions.

And regarding the internet threat, again, you havent been paying attention...

And there is the danger of identity theft. It is a big big big deal....

Last but not least, I view it my responsibility to keep my computer secure, to prevent botnets from using it to attack companies and websites. I do not wish my belongings to be used for crime...

A little time spent on Wilders, and I can (and have) found out simple solutions to acheive my security objectives. It has been made possible by people who really understand security, why something works, and why something not, who have aspired to and then made easy to use security tools and distributed them free of cost....

Click to expand...

Well said
Could I add "and freely distribute expertise" here and elsewhere..

@John Bull:
Of course I have been hijacked; it's what led me to Wilders way back then.
Nothing like seeing those hundreds of pop-ups/unders/overs appearing..

Id theft, credit card rorts, phishin, hijacks, latest exploits...databases hacked on a regular basis.
We will likely never really know exactly what has happened when and to whom.

Just last week I noticed that overnight my partners CC ws used in Dublin Ireland to buy plane tickets..while we were watching TV in Sydney Oz. !!
WTF !!
We have had no issues for >10yrs and then this.
Heh: I'm responsible for our local security.
We are as a rule very careful.
Bank refund:no problem. Bank -LOL- security system algorithm failed to detect any abnormality ...not so unusual or unexpected methinks.
Cancel card: reissue, reorganise routine payments with new card: did it hurt us financially No, was it a pitfa: yes.

There is realistically no way to stop this type of theft.

A friend works at American Express: publicly all the issuers say "Big problem; we have elaborate systems in place... blah blah blah."
Reality is: they really dont care..they regard those low level threats and theft as "pocket change" and do nothing.
My friend suggested that the total annual theft with Am Ex cards was equivalent to less than ONE DAY of total cash flow pa for AmEx.
Why would they care?

@John: do you really believe the elaborate infrastructure devoted to web security is a conspiracy of some sort ??

Do you not think that the proposition that 90%+ of e-mail being spam is evidence of the hijack of the www ??

Do you not see the plethora of Rogue AVs as evidence of systematic extortion?

Do you truly not believe that highly organised and creative criminal enterprises are not working angles to rort the wwweb?

I understand u want to start a discussion, but from my perspective, your postulate reeks of hyperbole, your reasoning is specious and disingenuous, your conclusion is flawed.

The threat is negligible to Mr. and Mrs. John Doe who plonk on regardless with their mundane Internet chores day in and day out without any problems using their honky-tonk security boxes.

Click to expand...

To the contrary, Mr&Mrs Doe are most at risk.

You broached the car analogy: Think of a car accident: millions drive and never get in an accident: but making the wrong choices can be catastrophic for friends, family and innocent parties.

You may be correct: the real pain may not be felt at individuals level ie me and my partner. The greatest damage is likely done at corporate level.

You think you're not paying for that: think again: in the event of corporate loss who do you think will end up footing the bill ??
Not likely to be the CEO
End users....that's You and ME.

QUESTION 1 : - Do you really think that the Internet is an impenetrable minefield of imminent disaster ?

Click to expand...

Dont be absurd, but, the www can be an extremely dangerous environment at many levels.

QUESTION 2 :- How many people do YOU know who have lost money through Internet criminal activity relative to the millions of users ?
Don`t forget the "relative" bit.

Click to expand...

Who gives a toss about "the relative bit" if it's their bank account. You imply you're happy to pay some sort of tithe. !!

The immortal law of Diminishing Returns.

Click to expand...

Which law of physics is that.
How about:
"The price of freedom is eternal vigilance."
Or
"Never seek to know for whom the bell tolls, It tolls for thee."
or
"No man is an island..."

Why do you think you can live within your security bubble??
How about : because thousands of individuals have worked hard to make it so. ??
You've obviously had some benefit from being a member here: I'll give you one example just for the record: https://www.wilderssecurity.com/showthread.php?t=252951
Do you really think Blue wrote this because of paranoia ??
(apologies to BlueZ if I have invoked that thread inappropriately: it seemed apposite)

Verizon investigated 57 "confirmed breaches" that included data theft. The Secret Service investigated 84 similar cases. That's 141 verified cases covering a total of 143 million data records owned by organizations around the world. Verizon's efforts led to arrests in 15% of its cases; the Secret Service's rate was a more-impressive 66%.

As you might imagine, many of the victimized companies don't want their identities to be known. The report states, "... about two-thirds of the breaches covered herein have either not yet been disclosed or never will be." Nevertheless, this aggregate report is still important: it gives an excellent overview of security problems that could affect you, the consumer.

I can't add much more than that, John. You know me, I'm not one to shake in a corner at the thought of super duper malware hitting me. But, there's a difference in not believing that every bad guy is out to get you and logging on to your computer is sufficient enough to get you slammed. But, as stated in Longboard's post, there is a real, massive problem out there, and current laws are not able to deal with it yet. That doesn't mean you are going to be hit by any of it (though what was said about corporate losses being handed down to customers is quite true), but not getting hit doesn't mean it doesn't exist.

It must be, and I'd say it's working. I'm sure the bad guys have no idea where he is hiding.

But seriously, paranoia sells. And as long as companies the size of Symantec (and others, not just picking on them) can make a regular income of it, they have no intention of seeing it stop any time soon. If they ever released a product the solved the problem, it would be the last thing they did.

. . it would be lovely to see the difference between surfing of the masses and the paranoia of experts adequately discussed.

Click to expand...

And how do we "adequately discuss" that particular topic, I wonder?

Would it be similar to an 'adequate discussion' of the difference between an accountant or schoolteacher choosing a car at the local new car dealership lot, and a NASCAR driver's "paranoia" of slamming into the wall at Indy doing 200 mph?

One cannot deny that unscrupulous people, also known as thieves, are always looking for their next mark. How they get their payload is unimportant. They will use the internet to do so if they can. It is not something one should doubt, because plain and simple if there is a way to profit, it will be exploited.

With such undeniable truths like that, it warrants that someone who uses the computer also have a measure of wisdom and caution to do so. You would not give a hitch-hiker your credit card number, so why would you give it to some website that you don't know or trust. If you want to give your credit card number, you should be the one asking for services, not them contacting you out of the blue asking for it. This is common sense obviously. Still, the same as you lock your car and house to prevent theft, the computer is no different. How many times have you been robbed at home? None? Me too. But that does not change the fact that a thief would not do so if it was desirable to him.

While relatively few people of the total population using the internet will be stolen from, what is more likely to happen that also requires some wisdom and caution is inconvenience. We naturally don't want keyloggers or trojans trying to take our personal data or PIN numbers, but we probably stand more risk of contracting some virus/malware that is meant to do nothing but cause problems. These aren't the thieves, they are the bullies of the world. The trouble makers who cause trouble for no reason other than they can and you can't do nothing to stop them.

Most people here I will imagine are more interested in not being inconvenienced with a virus/malware that disrupts what they do and causes many of them to have reinstall or pay someone to fix thier machine. Learning about security is a weapon that you can use against the bullies and thieves, the same as owning a gun, a watchdog, a security system, etc.

It seems to be natural, once you start educating yourself, to find that there are more holes in your defense than you first thought. It moves beyond just putting a lock on the door, because you learn about all the windows and faulty locks that exist, with more added to the list everyday. Becoming 'paranoid' is a very easy thing to do.

There are real risks, real people out there who want to benefit from you, illegally. Simply gaining the knowledge about the most common methods used against you drastically reduces their chances. Staying alert is needed, and it also can cause you to become too alert - paranoia. It is a sign that you are on the watch. At some point you let your guard down, because you tire of being in the paranoid state after some time, at least most people do. And what I think typically happens after you relax a little is that you will no longer fall for the easy tricks, even when relaxed. You become more secure simply because you have knowledge. You might eventually be stolen from, but the odds are against it.

The risks are real, but over-stated. Doing nothing is not good. Doing too much, is it good? It depends on whether you learn anything or not. It can be or it can become something that spins out of control. The people who would make money to stop the thieves would have you be paranoid forever, because it drives their profits. It is a carefully balanced game, the thieves on one side hoping you don't wise up, the businesses on the other hoping you will remain scared. The media in the middle loving the attention it gains by exploiting your fear. Sites like this, where you can actually learn how to defend yourself, sometimes without the use of a paid for tool, is what I am sure none of them like, and also what is best for you.

Some people (maybe someone who is reading this ) find that they like the guns and watchdogs and alarm systems. They go beyond needing to use them, and become fascinated with the myriad of ways one might use anything, even a piece of wood, to defend themselves. They constantly play and experiment, simply because they enjoy it. Are they paranoid still? lol, probably not, they just like the security gizmos.

I'm going to add a more generic reply regarding "people getting their systems infected" in general, not focusing on how seriously. They may be as light as merely getting some unexpected popups, to as heavy as keyloggers resulting in lost CC numbers, bank account exploitation and so on.

These are just a few of our friends forums, and they are not massive websites. There are a huge number of such forums on the web, containing countless millions of "help me, I'm infected" threads. Infections are very real and happen everyday to all kinds of people.

I'm not saying this is exactly what John is talking about above, but, sometimes people post here that infections are not really happening and that it's hype from the security industry. They quote how they've actually tried to get infected and can't. But, as forums like those above show, these things really happen. And, think about this... those are just people who are trying to clean their computers and doing it themselves. We all know there are large numbers of home PCs taken over as part of botnets, (a critical Internet issue because of DDoS which are very real), or for sending bulk spam, and the PC owner doesn't even realize it! Also, there are those who would never try to clean it themselves, but who take their PC to computer shops for repairs. That is a huge business. It wouldn't be if this wasn't a serious problem.

Horse = 1BHP
T-ford = 16 BHP (or 4 times the price of a horse gives me 16x the output great, so the leverage factor = 4)
Modern average car = 100 BHP for 15 times the price of a horse = 100/15 = leverage 6.6
Modern top brand car with 170BHP for the price of 30 horses = leverage 5.6
Modern luxury premium brand car with 200 BHP for the price of 40 horses = leverage 5
Ferrari 2010 version with 500 BHP for the price of 200 horses = leverage 2.5

In ICT there is another law, stating that roughly every two year the performance doubles, while price drops 50%
Just have a look at GPU and CPU performance versus pricing. In the example above the Ferrari 2012 woud provide 1000 BHP against the price of 100 horses, giving a leverage of 10. As shown with the example this has awkard effects on law of deminishing returns.

In security you can get a lot of stuff for free which was paid say 5 years ago. Zero-ing out of the price makes the law of deminishing returns even stranger: 16BHP devided by zero = infinitive, 100BHP devided by zero = infinitive also

Regarding the part about Computer Infections: they result from two broad attack vectors,

Remote Code Execution - driveby downloads, etc

User installs "rubbish" (term courtesy of MrBrian)

I haven't perused the hijack forums in a long time that LowWaterMark refers to, but in years past, the super-majority of infections fell into the second category. This is supported by bloggers at f-secure and Prevx, for example, who stress that the social engineering exploits are the most prevelant.

...there are many people who doesn't care at all about security implications of executing an unknown file. And, moreover, this is the bigger part of users...

People who download cracks from Peer to Peer, people who run false video or audio codecs, people that simply give administrator permissions to every software that asks for them...

You can even add limited accounts and every kind of protection, this would prevent some of malware, but social engineering is still the primary vehicle of attacks and against that there's really no solution if it's used against a so wide range of users.

I got interested in security when I realised that my Norton AV (with my ISP) was not performing its quick scan properly. After some conversations on Symantec's boards about Norton's 'CARNY_RIDE' quick scan bug I decided to download SUPERAntiSpyware. I think I downloaded SpywareBlaster & Spybot at about the same time.

One day while I was surfing Russian journals utilising SeaMonkey's (Google) translator, Google informed me that my computer had been compromised with malware. I had no adblocker in SeaMonkey at that time (I should have used K-Meleon's translator) & I'm pretty sure this contributed to my getting infected.

Anyway, SAS found a trojan that Norton & Spybot missed. I think I joined Wilders at about that time.

It was just ignorance that got me infected, ignorance of how badly many Eastern European sites suffer from malware & basic security ignorance. I thought I was safe with Norton & as I don't bit torrent or download from crack sites I should be OK.

. . sometimes people post here that infections are not really happening and that it's hype from the security industry. They quote how they've actually tried to get infected and can't. But, as forums like those above show, these things really happen.

Click to expand...

How about this:
Plenty of infections actually do happen, AND the security/AV industry hypes things to the max.

No less a luminary than Vint Cerf once stated that a full 25% of all computers are part of a bot. Sorry, but that simply doesn't pass the 'smell test'.
Yet plenty of machines are in fact infected, and some of those machine are also part of a bot network.

I've never heard a single reasonable person claim that "infections are not really happening". Ever.
On the other hand, it's in the AV industry's best interests to over-estimate the level, probability, and possibility of infection. A user living in high fear of being infected is going to spend a lot more money on security products than a user with a low fear of being infected.
Most certainly the AV/security industry is aware of that.

QUESTION 1 : - Do you really think that the Internet is an impenetrable minefield of imminent disaster ?
No.

QUESTION 2 :- How many people do YOU know who have lost money through Internet criminal activity relative to the millions of users ?
No one personally.

Click to expand...

That logic just doesn't wash. Think about it, let's just change what we're "counting": How many people do YOU know who have been murdered relative to millions of people in the population?

See? I personally don't know anybody who has lost their life to a killer. But, that doesn't mean murder is not a possibility, and reading the news, a crime that is one of those "surely it won't happen to me" kind of things. It happens and because of it, we lock our doors, some carry concealed weapons w/permit, etc.

That logic just doesn't wash. Think about it, let's just change what we're "counting": How many people do YOU know who have been murdered relative to millions of people in the population?

See? I personally don't know anybody who has lost their life to a killer. But, that doesn't mean murder is not a possibility, and reading the news, a crime that is one of those "surely it won't happen to me" kind of things. It happens and because of it, we lock our doors, some carry concealed weapons w/permit, etc.

Click to expand...

Your comments got me to thinking. After only 10 minutes, I have come up with 4 people I know who have been murdered (in unrelated cases). I also know 3 people who have killed someone, and I'm not talking in military situations. If I spent more time pondering, I could probably double those figures easily. And I bet there are even more cases where people I know got murdered (or were murderers), but I don't know about it.

Likewise, I also know people who have had their identities stolen and people who have had sums of money stolen via the internet (scams and fraud).

As for the thread topic concerning paranoia, I think it goes without saying that it is healthy to be aware. There is no doubt in my mind that there are a great many individuals who will try to take what isn't theirs, be it a life, or a bank account, or ownership of an operating system.

The operative word being try, it naturally pays to take steps to protect yourself, and it is kind of fun, too... as I slide three shells into the 12 gauge, pat Big Dog on his head, and manually update the AV.